Field of the Invention
The present invention relates, in general, to an authentication and payment system and method using a mobile communication terminal and, more particularly, to an authentication and payment system and method using a mobile communication terminal, which separately processes authentication and approval using the terminal of a merchant (a mobile communication terminal, wired terminal or terminal connected via a leased line) and the mobile communication terminal of a purchaser without leaking payment information about the purchaser, in direct sales transactions between a merchant and a purchaser offline and mail order sales transactions using multimedia or printed media, such as terrestrial broadcasting, satellite broadcasting or catalogs.
Description of the Related Art
The development of computers and information and communication technology has been rapidly progressing to an extent that no one could have predicted. Therefore, no one can predict the time and place when and where new technology will emerge. In particular, developments in virtual space have been incredible. Commercial transactions are performed in Internet space as well as education, conferences, exhibitions and medical examinations. Therefore, the most advanced information and communication technology is rapidly influencing the everyday life of human beings to the extent that people now live in an information oriented society, not in an industrial society.
Recently, countries and enterprises all over the world have concentrated on electronic commerce in Internet and cyber shopping malls providing electronic commerce. Cyber shopping malls are advantageous in that the provision of commodity information, payment processing and even delivery, in the case of digital media products, can be processed together without temporal or spatial restrictions or distance limitations. Therefore, cyber shopping malls provide advantages such as convenience and time savings to consumers, and provide advantages such as cost reduction attributable to the simplification of distribution stages and the publicity of enterprises at low cost to the enterprises, thus allowing consumers and enterprises to make use of cyber shopping malls.
As electronic commerce continuously progresses in this way, payment methods have rapidly broadened. Payment on the Internet has mostly been performed using credit cards and online deposits. However, recently, new payment means using mobile phones or a wired/wireless Audio Response System (ARS) have emerged, and have rapidly become popularized.
In particular, as a general trend towards paid content emerges, micro payment services greatly increase as a means for making payments for content below 1,000 Won. Among the above micro payment services, a payment service using wired/wireless telephones is widely used, especially by the younger generation, due to the advantage that payment is easily made and convenient after the purchase of a commodity through a small transaction. Therefore, recently, the use of payment services using wired/wireless telephones has gradually increased, while the use of payment through on-line deposits has gradually decreased.
Currently, various systems and methods are applied to an electronic payment system using the Internet according to various authentication and approval procedures. Among the systems and methods, a Secure Socket Layer (SSL)-based electronic payment system is a scheme of encrypting payment information and payment authentication information about a user and transferring the encrypted information to a shopping mall, an issuer, etc. using the SSL. The SSL-based electronic payment system can be developed and applied relatively easily, but it is problematic in that security is low and a method of authenticating a card holder requires separate payment authentication information.
Further, Secure Electronic Transaction (SET), published in 1997 to strengthen low security, performs double encryption on the basis of a certificate of authentication (including a user's personal certificate) so as to prevent the leakage of payment information, thus increasing security and guaranteeing stability. However, SET is problematic in that the system is too complicated to implement, so that SET is not widely used.
Recently, a method of separating a user authentication process for an issuer and a payment authorization process to allow responsibility for user authentication to be assumed by an issuer and to allow the issuer to directly participate in a payment process has been used. For this method, authentication payment services, such as Verified by VISA of VISA, SecureCode of MasterCard and J/Secure of JCB that make use of a 3-D Secure protocol have recently been provided to credit card member companies. A separate certificate-based electronic payment service is domestically provided along with the authentication payment services to meet the requirements of legal systems.
In the meantime, in offline payment, a chip-based credit card (a smart card-based credit card employing Europay, MasterCard, Visa (EMV) standard) that has improved security and stability to prevent the forgery and illegal use of typical magnetic credit cards has been introduced. Such a technical requirement and variations thereof were the solution of VISA, MasterCard and member companies to prevent the rapidly increasing illegal use of card payment information through reproduction and forgery.
However, the introduction of new user authentication technology on/offline has still not been applied to some service business fields due to the characteristics of typical transactions.
Those service business fields include direct sales and door-to-door sales for performing payment for transaction and contracts between a purchaser and a merchant. In the process of purchasing door-to-door sales, allowing a purchaser to purchase a commodity from a merchant face-to-face, and the process of purchasing mail order sales using telephone calls, the purchaser verbally communicates payment information, such as credit card information, to the merchant, and the merchant requests payment approval using the received payment information of the purchaser without authenticating the purchaser, thus completing a payment process.
A transaction method of allowing a service provider to make a special contract with a credit card company as a member store, to draw up a sales slip using only a credit card number, a credit card validity period, or part of a resident registration number by hand without a separate authentication process, and to bill a credit card company for the credit sale price without obtaining the signature of a consumer on the sales slip, according to the method of conducting a transaction in the case of telemarketing, includes mail order sales, direct door-to-door sales, etc. This transaction is designated as a hand-written transaction, and member stores using the hand-written transaction can be classified as ‘hand-written transaction member stores’.
A payment process using hand-written sales slips in direct door-to-door sales and mail order sales is problematic in that a separate authentication process for payment information about a purchaser is not executed, and, in addition, important payment information about the purchaser is inevitably leaked to the merchant during a payment process.
In the meantime, mail order sales or direct sales fields using the hand-written transaction are problematic in that they cannot include a separate authentication process due to the method of the transactions, and always include the risk of leaking payment information, thus causing direct financial loss to purchasers.
Further, hand-written transaction member stores are additionally problematic in that they must deposit in a financial institution a certain amount within a credit limit for security proportional to the risk of hand-written transactions, so that the initial investment burden is increased, it is difficult to ensure the stability of business, and a financial institution levies additional separate financial management charges to maintain and manage hand-written transaction member stores, the reliability of which are not yet ensured.